Anyone paying attention to this? "Month of Apple Bugs"
#1
http://projects.info-pull.com/moab/

Second one isn't even Apple code, it's VLC.
Reply
#2
The second one *is* Apple code.

"A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."

The Apple code dealing with the udp:// URL handler is such that a specially crafted string by a remote attacker could cause arbitrary code execution under the privileges of the user running VLC.

It's not VLC itself; it's Apple's code.
Reply
#3
FAQ on the linked page.

3. Are Apple products the only one target of this initiative?
Not at all, but they are the main focus. We'll be looking over popular OS X applications as well.
Reply
#4
[quote elmo3]The second one *is* Apple code.

"A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."

The Apple code dealing with the udp:// URL handler is such that a specially crafted string by a remote attacker could cause arbitrary code execution under the privileges of the user running VLC.

It's not VLC itself; it's Apple's code.[/quote]

Did you miss this part?
Affected versions
This issue has been successfully exploited in VLC version 0.8.6 for Mac OS X. Previous versions and other platforms might be affected (thanks to David Maynor for confirming the issue in the Microsoft Windows version).


If it's Apple's code, why does the exploit also apply to Windows?

And if uninstalling VLC is a fix for this situation, how does that not make it a VLC issue?
Reply
#5
As an aside, wouldn't the Windows equivalent be something like a hundred years of Bugs?
Reply
#6
Well, 3 days into the month and it seems they have run out of bugs already... or at least they forgot to update their site today.
Reply

